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ARTICLES 



Building the Virtual PC 



Mo ycmber lp?7 / Core Technolog ies / Building the Virtual PC 

A software emulator shows that the PowerPC can 
emulate another computer, down to its very hard\ 

EricTraut 

Development of Virtual PC — Connectix Corporation's Macintosh applicatk 
emulates a PC and its peripherals — began almost two years ago, in October 
The goal from the beginning was to create a fully Intel-compatible PC in so: 
The effort centered around a core Pentium instruction-set emulator, complel 
MMX instructions. True PC emulation also required the reverse-engineering 
development of a dozen other PC motherboard devices, including modern 
peripherals such as an accelerated SVGA card, an Ethernet controller, a Sou 
Blaster Pro sound card, IDE/ATAPI controller, and PCI bridge interface. Tt 
strategy of hardware-level emulation resulted in an application that allows 
Macintosh users to run not only Windows programs and DOS games but se^ 
x86-based OSes, including Windows 95, NT, and NeXT OpenStep. 

Pentium Emulation 



The heart of Virtual PC is the Pentium recompiling emulator, a sophisticate* 
of software written entirely in hand-coded PowerPC assembly language. Its 
translate Pentium instruction sequences into a set of optimized PowerPC 
instructions that perform the same operation. Translation occurs on a "basic 
basis, where a basic block consists of a sequence of decoded x86 instruction 
blocks end on an instruction that abruptly changes the flow of execution (ty] 
jump, call, or return-from-subroutine instruction). As the recompiler decode 
instructions, it analyzes them for "condition code" u sage. Finally, it general 
block of PowerPC code that accomplishes the same task. For more details o 
process, see "Virtual PC Operation" . 

For purposes of speeding things up, the emulator employs the following trie 

Translation cache: Even though written in PowerPC assembly language, tl 
translator still requires substantial time to generate optimized instruction 
translations. To reduce this overhead, the emulator caches blocks of translat 
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Interinstruction optimization: Because the Pentium is a CISC processor, i 
instructions perform more than one operation. For example, the ADD instru 
not only adds two values together, it also produces a number of condition- c 
flags that tell programs whether the addition produced a zero or negative res 
Such codes are used, for example, to determine if a program performs a con 
jump. Most of the time these codes are ignored. The translator analyzes bloc 
x86 instructions to dete rmine which flags the program uses (if any). It then 
generates PowerPC code for those flags actually used. The first two listings 
"Translated Code" show how one Pentium instruction translates into three 
PowerPC instructions, while three Pentium instructions can be optimized fn 
into five PowerPC instructions. 

Address translation: One of the most difficult Pentium features to emulate 
built-in memory management unit (MMU). This hardware translates linear < 
logical) addresses into physical memory addresses. Operating systems use tl 
MMU to implement virtual memory and memory protection. Because of the 
Pentium's small register file, about three in four Pentium instructions referei 
memory in one way or another. Each memory address potentially needs to t 
translated before the emulator loads from, or stores to, the referenced addres 
MMU implemented in software would impose a high overhead, which woul 
degrade performance. Luckily, this overhead can be avoi ded: The Connect! 
engineers were able to program the PowerPC's MMU to mimic the Pentium 
MMU's behavior, thus managing the address translations in hardware. The 
Pentium's memory page attributes can also be mirrored in the PowerPC's M 
For example, if Virtual PCs emulated OS marks a memory page as write-pr 
the page mappings are modified so the corresponding PowerPC page is writ 
protected. 

Segment bounds checking: The Pentium architecture includes the archaic i 
of memory segments. Every memory reference, such as instruction fetches, 
operations, loads, and stores, has an associated memory segment. When a 
segment's bounds are exceeded, the Pentium's MMU generates a general pr< 
fault (GPF). The OS uses GPFs for more than detecting bugs in applications 
enable a program to "thunk" down into privileged driver-level code not acce 
at the application level. Therefore, the Pentium emulator must detect segrne: 
bound faults where appropriate. Although the PowerPC does not contain 
segmentation hardware akin to the Pentium, Connectix used PowerPC trap 
instructions to perform segment bounds checks with little or no overhead. 



Hardware Emulation 



Besides the Pentium processor, a typical PC motherboard contains a dozen < 
chips that work together concurrently. All these chips need to be emulated 
faithfully for compatibility. The Intel architecture provides an I/O address sj 
that's used to access hardware outside of the CPU. You work with this "I/O 
through two instructions - in and out. When using these instructions, softv 
must specify an I/O port (or address). Virtual PC routes I/O accesses to cod< 
modules that emulate each chip. For example, if Virtual PC encounters an B 
instruction referencing port 0x21, it calls a routine in the interrupt-controllei 
emulation module that returns the current interrupt mask. Similar module ca 
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occur for every I/O space access, as the third listing in "Translated Code" sh 

Many of the extra chips on a PC motherboard control I/O devices such as th 
drive, CD-ROM, keyboard, and mouse. For compatibility with the Mac OS 
Macintosh hardware, Virtual PC performs all I/O through the standard Mac 
drivers. So, a request sent to the emulated PCs IDE controller to read a sect 
the hard drive gets translated into a read operation that's sent to the Mac OS 
driver. 

The most difficult hardware components to emulate involve precise timing, 
example, sound is a real-time operation, and any timing perturbation results 
clicks or pops as digitally sampled data fails to arrive on time. Because Virt 
is hosted on the Mac OS (which gives time to other Mac programs running 
concurrently, as well as Virtual PC), and it needs to emulate several dozen I 
chips in parallel, precise timing isn't always possible. Virtual PC compensat 
placing the highest priority on tasks that directly affect the user, such as sou 
video. 

Performa nee 

Emulated systems are naturally going to be slower than real hardware. But 
Connectix engineers concentrated on tuning aspects of the emulated hardwa 
required to run popular PC games and productivity applications at a usable 
performance level. This was especially challenging given that the PowerPC 
processor emulates not only the Pentium but all the other chips on a PC 
motherboard. 

Performance of Virtual PC is also greatly affected by the host hardware sysl 
The latest PowerPC processors with high clock rates and large on-chip each 
run it best. The speed and size of the system's L2 cache is also critical becar 
the code expansion that occurs during the translation process. 

While users will take a performance hit because this is an emulator, Virtual 
successfully emulates the entire PC at a very low level. PC programs — 
applications, device drivers, and operating systems alike - cannot tell they i 
running on actual PC hardware. 



Translate d Code 

Translation of Single Pentium 

Pentium instruction 
ADD EAX,20 



Instruction 

PowerPC instructions 

li rTempl,20 
addco . PF, rTempl , rE? 

mr rEAX,rPF 



Translation of Pentium Instruction Block 
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Pentium instructions 



PowerPC instructions 



ADD EAX,20 
ADD EBX,3 0 
ADD ECX,40 



add 
add 
li 

addco . 
mr 



rEAX , r EAX , 2 0 

rEBX,rEBX,30 

rTempl,40 

rPF,rTempl,rE 

rECX,rPF 



Code Translation for Pentium I/O Instructions 



Pentium instructions 

MOV AL,8 
MOV DX,0xlF0 
OUT DX, AL 
AD 

D DX,7 
IN AL/ DX 
RET 



PowerPC instructions 



li 

li 
bl 

addi 
bl 

addi 
b 



rAL, 8 

rDX, OxlFO 

HandlelDEPort 

rDX, rDX, 7 

HandlelDEPort 
rIP,rIP, 8 
DispatchToNe> 



Virtual PC Operation 

illustration link (24 Kbytes^ 




Eric Traut ( majMo^traut^onnMMx^cmh) is lead engineer for Virtual PC at Con 
Apple Computer, he wrote the 680x0 dynamic recompiling emulator for PowerPt 
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